Hai, On testing ping replay for my embedded hardware(LPC2378(MAC) + KSZ8091(PHY) ) from my pc ,I am receiving the Ping replies in wireshark with no errors, but my application on PC side(CMD terminal) is showing time out. Also wire shark is marking the response packet as reply for the request.What would be the reason for that?? I compared the response with a ping response from another PC all the fields seems to be ok .. Please add your comments. Thanks Sreekanth MK asked 29 Feb '16, 04:54  gladiator |
One Answer:
OK, so the reply is completely fine except one thing, which is the IP checksum. Can you permit IP checksum evaluation and check whether it is correct for both the ping replies from your embedded device and the ping replies from the other PC? Normally, IP (or TCP, or UDP) checksums may be shown as wrong for packets sent by the machine on which you capture if the packet processing is offloaded from the OS network stack to the network card hardware. For received packets, Wireshark should mark the checksum as incorrect only if it really is. So if the icmp replies from the other PC have correct checksums while the icmp replies from your embedded devices have them wrong, we have the answer. If not, the next step would be to disable Windows firewall (or any 3pty firewall software) on the PC from which you ping and try again. answered 29 Feb '16, 06:30  sindy Hai, Thank you for pointing that. Yes that was due to IP header checksum error. I thought that was not necessary as wireshark is showing checksum verification disabled. So added the checksum calculation for IP header, now it is working. :) :) :) . Thanks allot for the help. Regards Sreekanth MK (29 Feb '16, 20:39) gladiator @gladiator, bear in mind that in the packet dissection tree, you can find two types of information: one that has been part of the frame/packet as it has been captured on the wire, and another one derived from the former by the dissector in order to make your own analysis easier. The latter falls into two categories, inter-packet relationship (like in which frame you can find a request for the response in the current frame, or vice versa, allowing you to filter packets on properties other than "physical" packet fields' values) and "expert info", informing you about conclusions which can be (almost) automatically made based on the captured data contents or about some settings. Expert info provides you with hints allowing you to speed up your own packet analysis. In particular, the (01 Mar '16, 03:17) sindy |
Do you capture using Wireshark on the same PC from which you send the ping requests? Does the capture show that the destination MAC address of the reply is the MAC of the PC? Does the PC have more than one network card (wired or wireless)?
Yes I captured on the same pc that I send ping request. Please see the attached images. left side shows the ping request from pc to hardware and right side shows the response. No, PC has only one wired connection.
PC IP :10.0.0.12 Hardware IP : 10.0.0.30
alt text
please see the attached images